NAT setup UDP wrong src ip
Posted: 6. Apr 2010, 21:17
I have a CentOS guest on a CentOS host with a NAT setup. On the guest, I run a syslog event collector listening on udp/514. Using port forwarding, syslog events are forwarded to the guest. Somehow, the src IP of those events becomes 10.0.2.2 on the guest, while on the host it shows the correct src IP. Here are the tcpdumps from both:
On host:
tcpdump -nvp udp port 514
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
18:50:24.661024 IP (tos 0x0, ttl 64, id 25582, offset 0, flags [none], proto: UDP (17), length: 79) 10.155.69.23.syslog > 10.155.69.212.syslog: SYSLOG, length: 51
Facility daemon (3), Severity error (3)
Msg: Apr 6 18:52:35 last message repeated 352 times
18:50:24.661197 IP (tos 0x0, ttl 64, id 25583, offset 0, flags [none], proto: UDP (17), length: 117) 10.155.69.23.syslog > 10.155.69.212.syslog: SYSLOG, length: 89
Facility auth (4), Severity info (6)
Msg: Apr 6 18:52:35 sshd[34534]: Did not receive ident[|syslog]
18:50:24.745518 IP (tos 0x0, ttl 64, id 25585, offset 0, flags [none], proto: UDP (17), length: 191) 10.155.69.23.syslog > 10.155.69.212.syslog: SYSLOG, length: 163
Facility daemon (3), Severity error (3)
Msg: Apr 6 18:52:35 rpd[1318]: RPD_L2VPN_SITE_COLLISIO[|syslog]
18:50:31.825655 IP (tos 0x0, ttl 64, id 42236, offset 0, flags [none], proto: UDP (17), length: 116) 10.155.69.1.syslog > 10.155.69.212.syslog: SYSLOG, length: 88
Facility auth (4), Severity info (6)
Msg: Apr 6 18:43:46 sshd[64626]: Did not receive ident[|syslog]
18:50:31.921804 IP (tos 0x0, ttl 64, id 42239, offset 0, flags [none], proto: UDP (17), length: 116) 10.155.69.1.syslog > 10.155.69.212.syslog: SYSLOG, length: 88
Facility auth (4), Severity info (6)
Msg: Apr 6 18:43:46 sshd[64624]: Did not receive ident[|syslog]
18:50:33.086459 IP (tos 0x0, ttl 64, id 42251, offset 0, flags [none], proto: UDP (17), length: 117) 10.155.69.1.syslog > 10.155.69.212.syslog: SYSLOG, length: 89
Facility auth (4), Severity info (6)
Msg: Apr 6 18:43:47 sshd[64628]: Did not receive ident[|syslog]
On guest:
tcpdump -nvp udp port 514
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
18:50:22.252032 IP (tos 0x0, ttl 64, id 24504, offset 0, flags [none], proto: UDP (17), length: 117) 10.0.2.2.514 > 10.0.2.15.514: SYSLOG, length: 89
Facility auth (4), Severity info (6)
Msg: Apr 6 18:43:34 sshd[64618]: Did not receive ident[|syslog]
18:50:27.128257 IP (tos 0x0, ttl 64, id 24506, offset 0, flags [none], proto: UDP (17), length: 79) 10.0.2.2.36744 > 10.0.2.15.514: SYSLOG, length: 51
Facility daemon (3), Severity error (3)
Msg: Apr 6 18:52:35 last message repeated 352 times
18:50:27.128351 IP (tos 0x0, ttl 64, id 24507, offset 0, flags [none], proto: UDP (17), length: 117) 10.0.2.2.36744 > 10.0.2.15.514: SYSLOG, length: 89
Facility auth (4), Severity info (6)
Msg: Apr 6 18:52:35 sshd[34534]: Did not receive ident[|syslog]
18:50:27.213209 IP (tos 0x0, ttl 64, id 24509, offset 0, flags [none], proto: UDP (17), length: 191) 10.0.2.2.36744 > 10.0.2.15.514: SYSLOG, length: 163
Facility daemon (3), Severity error (3)
Msg: Apr 6 18:52:35 rpd[1318]: RPD_L2VPN_SITE_COLLISIO[|syslog]
18:50:34.293485 IP (tos 0x0, ttl 64, id 24511, offset 0, flags [none], proto: UDP (17), length: 116) 10.0.2.2.514 > 10.0.2.15.514: SYSLOG, length: 88
I also tried ssh port forwarding (TCP); it worked fine. Is this a bug in VBox, or did I miss something here? Please help!